Professional Documents
Culture Documents
Unit2CS Kulvinder PDF
Unit2CS Kulvinder PDF
Unit2CS Kulvinder PDF
EE 2nd Year
Unit - 2
Security - The protection afforded to an automated information system in order to attain the applicable
objectives of preserving the integrity, availability, and confidentiality of information system resources (includes
hardware, software, firmware, information/ data, and telecommunications).
Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for
protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure
of information.
Integrity: Guarding against improper information modification or destruction, including ensuring information
non repudiation and authenticity.
A loss of integrity is the unauthorized modification or destruction of information.
Availability: Ensuring timely and reliable access to and use of information.
A loss of availability is the disruption of access to or use of information or an information system.
Application security - Application security is the use of software, hardware, and procedural methods to
protect applications from external threats. Security is becoming an increasingly important concern during
development as applications become more frequently accessible over networks and are, as a result, vulnerable
to a wide variety of threats. Security measures built into applications and a sound application security routine
minimize the likelihood that unauthorized code will be able to manipulate applications to access, steal, modify,
or delete sensitive data.
Actions taken to ensure application security are sometimes called countermeasures. The most basic software
countermeasure is an application firewall that limits the execution of files or the handling of data by specific
installed programs. The most common hardware countermeasure is a router that can prevent the IP address of an
individual computer from being directly visible on the Internet. Other countermeasures include conventional
firewalls, encryption/decryption programs, anti-virus programs, spyware detection/removal programs and
biometric authentication systems.
Application security can be enhanced by rigorously defining enterprise assets, identifying what each application
does (or will do) with respect to these assets, creating a security profile for each application, identifying and
prioritizing potential threats and documenting adverse events and the actions taken in each case. This process is
known as threat modeling. In this context, a threat is any potential or actual adverse event that can compromise
the assets of an enterprise, including both malicious events, such as a denial-of-service (DoS) attack, and
unplanned events, such as the failure of a storage device.
Database security - Database security concerns the use of a broad range of information security controls to
protect databases (potentially including the data, the database applications or stored functions, the database
systems, the database servers and the associated network links) against compromises of their confidentiality,
integrity and availability. It involves various types or categories of controls, such as technical,
procedural/administrative and physical. Database security is a specialist topic within the broader realms of
computer security, information security and risk management.
Many layers and types of information security control are appropriate to databases, including:
Access control
Auditing
Authentication
Encryption
Integrity controls
Backups
Application security
Database Security applying Statistical Method
Email Security - Email is vulnerable to both passive and active attacks. Passive threats include Release of
message contents, and traffic analysis while active threats include Modification of message contents,
Masquerade, Replay, and denial of service attack. Actually, all the mentioned threats are applicable to the
traditional email protocols.
Because email connects through many routers and mail servers on its way to the recipient, it is inherently
vulnerable to both physical and virtual eavesdropping. Current industry standards do not place emphasis on
security; information is transferred in plain text, and mail servers regularly conduct unprotected backups of
email that passes through. In effect, every email leaves a digital papertrail in its wake that can be easily
inspected months or years later.
To provide a reasonable level of privacy, all routers in the email pathway, and all connections between them,
must be secured. This is done through data encryption, which translates the email's contents into
incomprehensible text that, if designed correctly, can be decrypted only by the recipient. An industry-wide push
toward regular encryption of email correspondence is slow in the making. However, there are certain standards
that are already in place which some services have begun to employ.
There are two basic techniques for providing such secure connections.[citation needed] The electronic envelope
technique involves encrypting the message directly using a secure encryption standard such as OpenPGP
(Public key infrastructure), S/MIME. These encryption methods are often a user-level responsibility, even
though Enterprise versions of OpenPGP exist. The usage of OpenPGP requires the exchange of encryption
keys. Even if an encrypted email is intercepted and accessed, its contents are meaningless without the
decryption key. There are also examples of secure messaging solutions available built on purely symmetric keys
for encryption. These methods are also sometimes tied with authorization in the form of authentication.
Authentication just means that each user must prove who he is by using either a password, biometric (such as a
fingerprint), or other standard authentication means.
Internet security – Internet security is a tree branch of computer security specifically related to the Internet,
often involving browser security but also network security on a more general level as it applies to other
applications or operating systems on a whole. Its objective is to establish rules and measures to use against
attacks over the Internet.[1] The Internet represents an insecure channel for exchanging information leading to a
high risk of intrusion or fraud, such as phishing.[2] Different methods have been used to protect the transfer of
data, including encryption.
Data Backup and Archive - There is often confusion between a data archive and a backup. A classic
backup application takes periodic images of active data in order to provide a method of recovering records that
have been deleted or destroyed. Most backups are retained only for a few days or weeks as later backup images
supersede previous versions.
Essentially, a backup is designed as a short-term insurance policy to facilitate disaster recovery, while an
archive is designed to provide ongoing rapid access to decades of business information. Archived records can
be placed outside the traditional backup cycle for a long period of time, while backup operations protect active
data that's changing on a frequent basis.
Performance is an important factor for backup, but since most backup operations involve large data sets, the
ability to quickly stream information to and from the backup media is a first priority. Fast random access to
small data sets during restore operations is typically less important. As an insurance policy, it is also necessary
to minimize backup expense by reducing the cost of each stored record. The media of choice for backup and
disaster recovery applications has traditionally been magnetic tape since it satisfies the performance and cost
criteria of most organizations.
Archive requirements
Data authenticity
Extended media longevity
High-performance random read access
Low total cost of ownership
Archival storage requirements are quite different from those of backup operations. Media longevity and data
authenticity feature much more prominently in archive environments. The storage media used within an archive
should have a stable, long life to avoid frequent data migration over decades of storage. In order to comply with
corporate and government regulations on data authenticity, it is crucial that information be protected from
modification.
Unlike backups, the performance bottleneck for an archive is not read/write streaming, but in providing fast
access to potentially millions of records requested by thousands of users. For data archives, fast random access
is typically the most critical performance consideration.
Information systems storee data on a wide variety of storage media, including: internal and external hard drives;
internal solid-state
state memory, removable flash memory cards and flash drives;; floppy, ZIP and other types
of removable magnetic disks; tapes, cartridges and other linear magnetic media; optical storage using CDs and
DVDs; and paper.
Disposal of Data - To prevent unauthorized access, it is critical that data be rendered unreadable when it
or the device on which it resides are no longer needed. This is required by law (and common sense) for
all computers and media containing sensitive info
information.
You can take a hammer or a high-speed speed drill to your hard drive, USB drive or other device. Chances are
excellent that you'll render it inoperable in short order. But be warned that recovery of data from physically
mangled magnetic devices is still possible. Physical destruction is generally something that must be done by a
trained person to be completely effective, particularly for hard drives.
Optical media
"Write-many"
many" optical media (such as CD CD-RWs and DVD-RWs) RWs) can be processed via an over-write
over method
similar to that for magnetic media. However, the vast majority of optical media in use are of the "write
once" type -- notablyy the ubiquitous CD
CD-Rs and DVD-Rs. They cannot be over-written.
written. Because such media
are optical rather than magnetic, neither can they be degaussed.
As with magnetic media, you can perform a physical attack. Cutting a CD or DVD with scissors is an alternative
alt if you
have only a few to do. But note that cut-up up discs have been successfully reassembled and read, so cut them into multiple
pieces and, ideally, dispose of the pieces in different trash receptacles.
Firewall –
In computing, a firewall is a software or hardware
hardware-based network security system that controls the incoming
and outgoing network traffic based on applied rule set. A firewall establishes a barrier between a trusted, secure
internal network and another network (e.g., the Internet) that is not assumed to be secure and trusted.
A virtual private network (VPN)) extends a private network across a public network, such as the Internet. It
enables a computer to send and receive data across shared or public networks as if it is directly connected to the
private network, while benefiting from the functionality, securi
security
ty and management policies of the private
network.[1] A VPN is created by establishing a virtual point-to-point connection through the use of dedicated
connections, virtual tunneling protocols, or traffic encryptions.
A virtual private network connection across the Internet is similar to a wide area network (WAN) link between
websites. From a user perspective, the extended network resources are accessed in the same way as resources
available within the private network.
Malware - Malware, short for malicious software, is any software used to disrupt computer operation, gather
sensitive information, or gain access to private computer systems. It can appear in the form of executable code,
scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of
hostile or intrusive software. The term badware is sometimes used, and applied to both true (malicious)
malware and unintentionally harmful software.
Computer virus - A computer virus is a small piece of software that can spread from one infected computer to
another. The virus could corrupt, steal, or delete data on your computer—even erasing everything on your hard
drive. A virus could also use other programs like your email program to spread itself to other computers.
Computer worm - A computer worm is a software program that can copy itself from one computer to another,
without human interaction. Worms can replicate in great volume and with great speed. For example, a worm
can send copies of itself to every contact in your email address book and then send itself to all the contacts in
your contacts’ address books.
Because of their speed of infection, worms often gain notoriety overnight infecting computers across the globe
as quickly as victims around the world switch them on and open their email. This happened with the Conficker
worm (also known as Downadup), which, in just four days, had more than tripled the number of computers it
infected to 8.9 million.
Logic Bomb - A logic bomb is a piece of code intentionally inserted into a software system that will set off a
malicious function when specified conditions are met. For example, a programmer may hide a piece of code
that starts deleting files (such as a salary database trigger), should they ever be terminated from the company.
Software that is inherently malicious, such as viruses and worms, often contain logic bombs that execute a
certain payload at a pre-defined time or when some other condition is met. This technique can be used by a
virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on
specific dates, such as Friday the 13th or April Fool's Day. Trojans that activate on certain dates are often called
"time bombs".
Trapdoor - A computer trapdoor, also known as a back door, provides a secret -- or at least undocumented --
method of gaining access to an application, operating system or online service. Programmers write trapdoors
into programs for a variety of reasons. Left in place, trapdoors can facilitate a range of activities from benign
troubleshooting to illegal access.
Spoofing - In the context of network security, a spoofing attack is a situation in which one person or program
successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
Email Virus - An e-mail virus is computer code sent to you as an e-mail note attachment which, if activated,
will cause some unexpected and usually harmful effect, such as destroying certain files on your hard disk and
causing the attachment to be remailed to everyone in your address book.
Macro Virus - In computing terminology, a macro virus is a virus that is written in a macro language: that is to
say, a language built into a software application such as a word processor. Since some applications (notably, but
not exclusively, the parts of Microsoft Office
Office) allow macro programs to be embedded in documents, so that the
programs may be run automatically when the document is opened, this provides a distinct mechanism by which
viruses can be spread. This is why it may be dangerous to open unexpected attachments in e-mails. Modern
antivirus software detects macro viruses as well as other types.
Digital Signature - A digital signature is a mathematical scheme for demonstrating the authenticity of a
digital message or document. A valid digital signature gives a recipient reason to believe that the message was
created by a known sender, such that the sender cannot deny having sent the memessage
ssage (authentication
( and non-
repudiation)) and that the message was not altered in transit ((integrity).